CVE-2020-15400: Cross-Site Request Forgery (CSRF)

June 30, 2020 (updated July 21, 2021)

CakePHP mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

References

bakery.cakephp.org/2020/04/18/cakephp_406_released.html
nvd.nist.gov/vuln/detail/CVE-2020-15400

Code Behaviors & Features

Detect and mitigate CVE-2020-15400 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →